Pros and Cons of Password Managers

I can hear it now, “Not another post about passwords. Someone make it stop!” Well, as long as ‘password’ and ‘123456’ continue to top lists of most commonly used passwords, I am going to keep writing about passwords.

Password managers are tools used for storing passwords either on your computer or in the cloud (aka, the Internet). Think of them as a highly secure “post-it” with all your passwords written on it. There are a lot of advantages to using a password manager, and some disadvantages. As a technology specialist, I like to explain both so you can make an informed decision about whether you should use one or not.

Very briefly, a password manager is an application you install on your computer, tablet, or phone that securely stores all of your passwords. Most of them will even enter the username and password (“credentials”) into the login fields for you. Some password managers store the passwords in a local file on the device while others store them in the cloud so all of your devices can access them.

Password managers promise to solve all your password headaches. Admittedly, they do have many positive features.

As stated, they securely store your passwords. So you no longer need to write them down on a post-it or in a Notepad file (TextEdit for you Mac users). They are stored in encrypted format either on your PC or on a server on the Internet somewhere. You need to log in to access them. Yes, that means you need a password to access your password manager. But we are talking one password here. And if you use my trick for creating a strong password (seen here), you can safely secure your passwords. Some will even allow for two-factor authentication, which is a fancy way of saying you install an app on your phone and enter the keycode it tells you along with your password.

By storing the passwords securely, you can now use a unique (and very strong) password for everything. Reusing passwords is a very high security risk. Reusing passwords is common. Most people don’t think about it, really. They use the same password for that Pokemon Go forum as they do for their online banking. Hackers only need to hack one to get access to both accounts. Which site do you think is more secure?

And since password managers fill in the username and password for you, you won’t be caught typing in the password (often slowly after failing the first two times). So people nearby won’t “accidentally” see what you typed in.

However, password managers are not a panacea (look it up).

By securing all of your credentials with a single password, there is a risk that someone can access everything with that single password. To help alleviate the risk, you can use a password manager with two-factor authentication and periodically change the password. Also, don’t write it down.

Like all software, there are potential security risks. Security software like this tends to be a highly targeted prize for hackers. Software vendors know this, and often release patches when any such vulnerability is found. Of course, this is only useful if you install the patches. (Did you know that some of the best-known software exploits happened well after a patch was released that blocks them?)

And of course, anything stored in the cloud is a target for hackers. So if your password manager stores your passwords online so multiple devices can access them, there is risk there. But the vendors know this, so they pay extra close attention to security.

So now it’s advice time. I use a password manager. It allows me to use very secure passwords on my most sensitive accounts without having to write them down somewhere or type them in. For me, the advantages outweigh the potential risks. I have seen what people do because they have too many passwords to remember.